Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-34112

Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php_CVE-2026-34112

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac.php (line 18) without sanitization: exec("php jo...

guardian language-system CVE
CRITICAL 9.3 CVE-2026-34109

Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech.php_CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech.php (line 18) without sanitization: exec("php jobs/...

guardian language-system CVE
HIGH 7.4 CVE-2026-57736

WordPress HubSpot plugin <= 11.3.51 - Sensitive Data Exposure vulnerability_CVE-2026-57736

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: fr...

HubSpot HubSpot n/a CVE
HIGH 7.4 CVE-2026-57723

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability_CVE-2026-57723

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBoo...

e4jvikwp VikBooking Hotel Booking Engine & PMS n/a CVE
MEDIUM 5.9 CVE-2026-57722

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57722

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored...

ShortPixel Enable Media Replace n/a CVE
HIGH 7.5 CVE-2026-54428

Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK_CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and ea...

Apache Software Foundation Apache HttpComponents Core 5.5-alpha CVE
MEDIUM 6.5 CVE-2026-51946

CVE-2026-51946_CVE-2026-51946

SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote attacker to execute arbitrary code and obtain sensitive ...

n/a n/a n/a CVE
HIGH 8 CVE-2026-49091

Improper Output Neutralization for Logs in Kibana Leading to Log Injection_CVE-2026-49091

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker c...

Elastic Kibana 8.0.0 CVE
HIGH 7.3 CVE-2026-46680

containerd user ID handling bypass allows runAsNonRoot evasion_CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User direct...

containerd containerd < 1.7.32 CVE
MEDIUM 6.9 CVE-2026-58517

Blocked users can create and edit WikiLambda objects_CVE-2026-58517

Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypas...

The Wikimedia Foundation Mediawiki - WikiLambda Extension * CVE